IOP Conference Series: Earth and Environmental Science

PAPER • OPEN ACCESS You may also like

- Methodology for assessing the
Activity and risk identification in audit process on performance of the integrated
management system
integrated management system to increase Yu.V. Velmakina, V.A. Vasiliev and S.A.
Chernogorskiy

performance efficiency of construction services - Design of online audit mode based on

blockchain technology
organization in Indonesia Zhuo Yu, Yong Yan, Chao Yang et al.

- Using TELOS for the planning of the

information system audit
To cite this article: Afifah Dewi et al 2020 IOP Conf. Ser.: Earth Environ. Sci. 426 012014 D P Drljaca and B Latinovic

View the article online for updates and enhancements.

This content was downloaded from IP address 36.72.215.6 on 05/12/2021 at 17:37

The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

Activity and risk identification in audit process on integrated

management system to increase performance efficiency of
construction services organization in Indonesia

Afifah Dewiˡ, Yusuf Latiefˡ, and Leni Sagitaˡ

ˡDepartment of Civil Engineering, Faculty of Engineering, University of Indonesia,
Depok, 16424, Indonesia

afifahdewi1703@gmail.com, leniarif@gmail.com, latief73@ui.ac.id

Abstract. The audit process of integrated management system is combining efforts to ensure
or compare whether the work results is compatible with the criteria that have previously
determined. Likewise, the benefit of audit process of integrated management system is means
to achieve continuous improvement. Integrated management system itself is a combination of
two or more management systems that make it easier for organizations to achieve their
objectives. Specifically, in this research is talk about combine the quality management system,
environmental management system and occupational health & safety management system. The
purpose of this study is to identify the activities, objectives and risks in the audit process if the
management system is integrated (quality, environment, and occupational health & safety).
Also, to know whether that activities, objectives and risks affect the increased efficiency of the
performance of construction services organizations in Indonesia. After identified all of them,
the next step is to find out the dominant risks that may can happen in the audit process of
integrated management system. And then, the final step is to find out how to manage those
dominant risks. This study uses the respondent's survey strategy to identify activities,
objectives, and risks and uses a case study strategy to find out the dominant risk management
strategies. The results of this study in the form of activities, objectives, and risks in the
integrated management audit process and find out whether the activities, objectives and risks
affect the increase in the efficiency of the performance of construction services organizations
in Indonesia and how to manage these dominant risks.

1. Introduction

1.1. Background
A management system is one of the main process or procedure of a company or organization to
complete a task, reach a standard and achieve its objectives. In recent years, appropriate management
system standards have become a central part of continuous improvement and business excellence in
many organizations [7]. One of the most commonly used management standards in construction
projects is ISO 9001 and ISO 14001 [2]. But currently, the occupational and health management
system is also one of the highlights in construction works. That’s because working in construction
field is a high-risk job. And for everyone’s safety and well-being, both contractor and project owner
are giving more attention to reduce the work accident.

Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution
of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
Published under licence by IOP Publishing Ltd 1
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

The application of different management systems potentially causes conflicts between management
systems. That is why one of the benefits of the integrated management system is expected to minimize
conflicts [8] [14].
To implement a management system standard an organization must establish a process that meets
previously designed objectives and requirements. In consequence, the audit system is one of the
important things to ensure that the processes and requirements are correctly implemented [1]. To
optimize costs and time it is better to have an integrated audit, because auditing different management
systems for the same process has proven complicated [9].
There are many of the benefits and efficiency with implemented the audit integration, such as optimize
the use of resources, increasing the competencies of auditor with different management system, the
audit process of the three management system (quality, environmental, occupational health & safety)
is evaluated only once, reducing duplication work of audit process during the planning,
implementation, and even follow-up stages of the audit.
To be able to implement a good audit integration that is expected to improve the efficiency of
organizational performance, one of the things that must be done is to know what risks will affect the
efficiency of organizational performance. The first step to identify the risk that is likely to happen in
audit integration is giving an attention to the activities and the objectives of audit integration. From
that, if the activities are not going well or the objectives is not reaching its goal, the possibility of the
risk to happen is getting bigger. But in general, every activity will have a risk, so this paper is
discussing all the risk from all the activity of the audit process that is in accordance with the audit
requirements resulting from the integration of ISO 9001, ISO 14001, OHSAS 18001 by using the
basic audit standards of ISO 19011. Then after the risks of each activity are described, it can be
analyzed for preventive actions and corrective actions for the dominant risks.

1.2. Research Purposes

This study has 4 objectives in answering these problems, as follows:
 Identifying activities carried out in an audit process on an integrated management system that
influences the efficiency of the performance of construction services organizations in Indonesia.
 Determining the objectives of the activities carried out in an audit process on an integrated
management system that influences the efficiency of the performance of construction services
organizations in Indonesia.
 Identifying risks from activities that might occur in the audit process in an integrated
management system and influencing the efficiency of the performance of construction services
organizations in Indonesia.
 Understanding how to manage the dominant risk so that the integrated management system
audit process and improving the efficiency of the performance of construction services
organizations in Indonesia are not disturbed.

1.3. Operational Model

For the operational model in this study can be seen in the diagram below:

2
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

In AUDIT PROGRAM HIGH LEVEL STRUCTURE

de  Establish the objectives of the  Organizational context
pe audit program  Leadership
nd  Establish an audit program  Planning
ent  Carrying out audit program  Operations
Va  Monitor audit program  Supporters
ria  Review and improve the audit  Performance evaluation
bel program  Repairs

Activities and Objectives

Risk
De
pe Respon Risk
nd
en
t
V Improved Efficiency of Construction
ar Service Organizations in Indonesia
ia
Figure 1. Operational Model

2. Theoretical Review

2.1. Integrated Management System

An integrated management system is a management system that combines all business components
into a comprehensive system that enables the achievement of its goals and mission [12]. A well-
integrated standard system will increase the overall value and performance of the company both
internally and externally [3] [4] [5] [6], the integration of several components in a sustainable manner
is the most potential advantage in implementing an integrated management system [15], integration
will trigger a more robust and comprehensive management system [16] [17], save resources, eliminate
things that are not needed significantly, and improve the cleanliness of production, profitability, and
efficiency of an organization [11], optimizing costs and time is better to have an integrated audit.
Quoted from the Airport Services module 2005 "Efficiency is a comparison between benefits obtained
with costs incurred". Information about organizational performance can be used to evaluate whether
the work process undertaken by the organization has been in line with the expected goals or not.
However, in reality there are many organizations that are lacking or even rarely have information
about performance in their organizations.

2.2. Audit Integration

An audit is basically an effort to ascertain or compare whether a work results in accordance with the
criteria or plan that was previously determined and as a means to achieve continuous improvement
(continuous improvement). Audit process of integrated management system or in other words audit
integration is expected to improve the efficiency of organizational performance because it can
minimize conflicts between management systems. Some of the benefits from audit integration are
optimizing business and resources; make organization to work as a unit with integrated goals to
achieve its goals and mission; also create a lighter workload; reduce the time of certification, costs,

3
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

and documentation requirements of the system. Mourugan [10] said that in order to audit an integrated
management system effectively it is important to understand the requirements of international
management standards where these standards follow the TQM philosophy of Plan-Do-Check-Act. The
PDCA concept itself adopts a process approach to establishing, implementing, operating, monitoring,
reviewing, maintaining and improving organizational processes. Also, the PDCA concept itself is
implemented in ISO 9001, ISO 14001, and ISO 45001 / OHSAS 18001. Then from quality
management system, environmental management system, safety and health management system each
of them has 10 High-Level Structure (HLS) clauses, but only 7 High Level Structure clauses apply to
audit integration where the 7 clauses are the basis for conducting an audit checkpoint and from that the
activities that needs to be done in the audit integration is identified. The 7 HLS clauses include
organizational context, leadership, planning, operations, supporters, performance evaluation, repairs
[10] [14] [15] [11] [3] [4] [5] [6].

3. Research Method
This study used the Delphi method in analysing the data obtained, and conducted a survey using
questionnaire instruments and interviews with experts who had experience in the audit process and
integrated management system (quality, environment and occupational health & safety). Delphi
method is a structured communication technique or method, originally developed as a systematic,
interactive forecasting method which relies on a panel of experts. The technique can also be adapted
for use in face-to-face meetings and is then called mini-Delphi.
The first stage is the collection and analysis of data for the validation of activities and the
objectives of the integrated management system audit process and the validation of the definition of
efficiency in the performance of construction services organizations in Indonesia, at this stage the
process of collecting and analyzing data using the Delphi method.
The second stage is the collection and analysis of data for the validation of risk related activities
in the integrated management system audit process. Where at this stage also uses the Delphi method.
The third stage is the collection and analysis of data for the final validation of the activities,
objectives and risks of the integrated integrated management system audit process. This is because in
this study analyzed using the Delphi method, it must be validated at least twice a round.
The fourth stage is the collection and analysis of pilot survey data which aims to determine
whether the variables that have been validated in step 3 are understandable and can be used for the
primary respondent survey.
The fifth stage is the collection and analysis of data for the main respondent survey related to
the assessment of the frequency of risks and the impact of the integrated management system audit
process on improving the efficiency of the performance of construction service organizations in
Indonesia. At this stage the analysis uses the Probability and Impact Matrix to get the risk rating / level
whether high, medium or low.

Figure 2. Probability and Impact Matrix [13]

4
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

The sixth stage is the collection and analysis of data for the strategy to face or manage the
dominant risk.
The seventh stage is the collection and analysis of data to validate the dominant risk
management strategy.

4. Research Result and Discussion

Based on the four formulations of existing problems with seven stages of data collection and analysis,
the results of the research are in the form of activities, objectives, risks, and dominant risk responses in
audit process on the integrated management system. Where in this paper focuses on dominant risk,
dominant risk response, and from what activities cause these risks to occur.

4.1. Dominant Risk Rating and Response

The following table is discussed about the dominant risk rating and response from the highest three
risks. Which is divided into two parts, table 1 is discussed about the highest three risks from the audit
program and table 2 is discussed about the highest three risk from high- level structure (ISO). The
dominant risk response consists of causes and effects of risks, the preventive actions to prevent risk
happen, and the corrective actions to correct the risks that have happened.
Table 1. Dominant Risk Response for Audit Program Risks

Rank Code Risk Value Preventive Actions Corrective Actions

of
Risk
Carrying Out Audit Program (R3)
R3.5 The results of the 0.372 Prepare a clear list of Make standard operational
audit program are work and detailed procedures related to the
incomplete, results that should be audit program in detail and
making collected before in accordance with reality,
conclusions conducting a program detailing the things that
difficult. audit. need to be audited in detail.
Establish an Audit Program (R2)
R2.3 The chosen person 0.282 Make a binding Give a warning to the
cannot properly responsibility parties concerned, give
manage and be agreement and clear advice to improve their
responsible for the sanctions if the person performance, or replace the
audit program. chosen cannot be person with someone who
responsible for the meets the criteria /
audit program. experience.
Monitor Audit Program (R4)
R4.1 The 0.280 Make standard The implementation of the
implementation of operational procedures audit program should be
the audit program related to the audit carried out immediately,
is late, not program in detail and with providing a deadline
according to the in accordance with so that the level of delay is
schedule and audit reality, make a realistic not too high, also assigning
objectives. audit schedule and set a team that has experience
clear objectives, in the audit program so that
identify things that can the implementation can be
hinder the audit conducted effectively, and
program and prepare a correcting the existing
back up plan when this schedule according to the
happens. current conditions.

5
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

Table 2. Dominant Risk Response for High Level Structure (ISO)

Rank Code Risk Value Preventive Actions Corrective Actions

of
Risk
Operations (RH4)
1. RH4.3 People who do 0.317 Conduct publications Impose sanctions on
work under and provide workers who do not follow
control do not understanding the STI policy, carry out
follow the policies regarding the more unique / creative
of the integrated importance of ways from publications
management following IMS related to targets that were
system properly, policies so that IMS previously carried out to
are not informed effectiveness can be inform the target so that the
of the objectives achieved, ensuring workers pay more attention.
of the integrated that IMS targets are
management informed throughout
system, and do not the workforce by
contribute to the conducting two-way
effectiveness of communication.
the integrated
management
system.
Leadership (RH2)
2. RH2.4 Work policies and 0.269 Involving the Provide a re-understanding
commitments are opinions of workers of workers regarding
not properly when making policies and frameworks,
implemented by policies and issuing improve policies and
workers work, carrying out frameworks if there is a
two-way realistic input from workers
communication that causes workers unable
between top to implement policies and
management and frameworks, imposes
workers related to sanctions on workers who
policies and do not follow policies and
improving work can frameworks there is.
be well implemented
by workers making
policies and
supporting
challenging work
Operations (RH4)
3. RH4.5 The existing 0.268 Providing training on Conduct activities that can
communication how to communicate improve communication
process does not well, instills a culture between workers
work well. So, of good
much information communication from
is not delivered top management to
workers.

6
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

4.2. Activities that Lead to Dominant Risk

The dominant risk that has been identified comes from activities in the audit process of integrated
management system. Therefore, one way to minimize the occurrence of a dominant risk is to pay
attention to activities that cause the dominant risk. This does not mean the activity has a negative
impact, but it is an early warning to be careful in carrying out activities that if something goes, wrong
can lead to a dominant risk. The following table is discussed about the activities that lead to dominant
risk. Which is divided into two parts, table 3 is discussed about activities from audit program that lead
to dominant risk and table 4 is discussed about activities from high level structure that lead to
dominant risk.
Table 3. Activities from Audit Program that Lead to Dominant Risk

Code Risk Activity

Carrying Out Audit Program (R3)
R3.5 The results of the audit program are The organization manages the results of the audit
incomplete, making conclusions program.
difficult.
Establish an Audit Program (R2)
R2.3 The chosen person cannot properly The organization selects the person who manages
manage and be responsible for the and is responsible for the audit program
audit program.
Monitor Audit Program (R4)
R4.1 The implementation of the audit The organization monitors conformity with the audit
program is late, not according to the program, schedule and audit objectives
schedule and audit objectives.

Table 4. Activities from High Level Structure that Lead to Dominant Risk

Code Risk Activity

Operations (RH4)
RH4.3 People who do work under control
do not follow the policies of the
integrated management system
properly, are not informed of the
objectives of the integrated
management system, and do not
contribute to the effectiveness of
the integrated management
system.
Leadership (RH2)
RH2.4 Work policies and commitments
are not properly implemented by
workers
Operations (RH4)
RH4.5 The existing communication
process does not work well. So,
much information is not delivered
The organization ensures that people carrying out
work under the control of the organization are aware
of integrated management system policies, integrated
management system objectives, and their
contribution to the effectiveness of integrated
management systems including the benefits of
improving performance quality, as well as
implications of incompatibility with integrated
management system requirements
Top management establishes policies that are in line
with the objectives of the organization, provides a
framework for establishing the objectives of
Integrated Management System (quality, K3, and
environment) that includes a commitment to meet the
applicable requirements, and includes a commitment
to continue to improve the effectiveness of Integrated
Management System
Organizations determine internal and external
communication relevant to integrated management
systems including what methods are used, when it is

7
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

done, who are the people involved and how to

communicate

In audit program, the activities that lead to the dominant risk is contained in the section of carrying out
audit program, establish an audit program and monitor an audit program. And then in high level
structure section, the activities that lead to the dominant risk is contained in the operation clauses and
leadership clauses. So, it can be concluded that the activities that lead to the dominant risk are
activities that related to organizational management, communication within the organization, the
responsibilities of every individual in the organization for the organization, understanding of
integrated management systems and how to apply the integrated management systems
properly.Therefore, these things must be considered properly in carrying out activities that can pose a
dominant risk. One way to pay attention and carry out these activities properly is to implement
preventive measures that have been previously identified.

5. Conclusion
Based on the results of testing and analysis that have been done, it can be concluded as follows:
 The dominant risk in the audit process in an integrated management system is divided into two
parts, those that originate from the audit program and originate from the high level structure
(ISO).
 Three dominant risks in the audit program are in carrying out audit programs that have a risk
value of 0.372, establish an audit program that has a risk value of 0.282 and monitor audit
programs that have a risk value of 0.280.
 The three dominant risks in high level structure come from operations clauses that have a risk
value of 0.317, leadership clauses that have a risk value of 0.269, and operations clauses that
have a risk value of 0.268.
 Things that must be considered in carrying out activities that can pose a dominant risk are
organizational management, communication within the organization, the responsibilities of
every individual in the organization for the organization, understanding of integrated
management systems and how to apply them properly.

6. References
[1] Beckmerhagen, I., Berg, H., Karapetrovic, S., & WIllborn, W. (2003). Integration of management
systems: focus on safety in the nuclear industry. International Journal of Quality and
Reliability Management .
[2] Casadesus, M., Bernardo, M., & S Karapetrovic, I. H. (2010). An empirical study on the
integration of management system audits. Journal of Cleaner Production 18, 486-495.
[3] ISO. (2015). ISO 14001:2015 Environmental Management Systems.
[4] ISO. (2015). ISO 9001:2015 Quality Management System.
[5] ISO. (2018). ISO 19011:2018 Guidelines for auditing management systems.
[6] ISO. (2018). ISO 45001:2018 Occupational health and safety management systems Requirements
with guidance for use.
[7] Kraus, J., & Grosskopf, J. (2008). Auditing integrated management systems: Considerations and
practice tips, Environmental Quality Management.
[8] Masuin, R., Latief, Y., Zagloel, T. Y., & Sagita, L. (2018). Integrated Management System to
Achieve Sustainable Construction - A Conceptual Framework. AIP Conference Proceeding.
American Institute of Physics.
[9] Mourugan, S. (2015). Auditing Integrated Management System for Continuing Suitability,
Sustainability and Improvement, Journal of Bussines and Management. 17(10) 01-14.
[10] Mourugan, S. (2015). Planning Integrated Management System audit to ensure Conformance,
Consistency and Continual Improvement. Journal of Bussines and Management.

8
The 3rd International Conference on Eco Engineering Development IOP Publishing
IOP Conf. Series: Earth and Environmental Science 426 (2020) 012014 doi:10.1088/1755-1315/426/1/012014

[11] Mustapha, M. A., Manan, Z. A., & Alwi, S. R. (2017). Sustainable Green Management System
(SGMS) An integrated approach towards organisational sustainability. Journal of Cleaner
Production.
[12] Muzaimi, H., Chew, B. C., & Hamid, S. R. (2017). Integrated Management System: The
Integration of ISO 9001, ISO 14001, OHSAS 18001, and ISO 31000 AIP Conference
Proceeding. Melaka: American Institute of Physics.
[13] Project Management Institute. (2013). A Guide to The Project Management Body of Knowledge
(PMBOK Guide) (5th Edition ed.). Newston Square, Pennsylvania: USA: Project Management
Institute,Inc.
[14] Robelo, M. F., Santos, G., & Silva, R. (2014a). A Metodology to Develop the Integration of the
Environmental Management System with Other Standardized Management Systems. Scientific
Research Publishing Inc.
[15] Robelo, M. F., Santos, G., & Silva, R. (2014b). A generic model for integration of Quality,
Environment and Safety Management Systems. The Total Quality Management Journal.
[16] Zeng, S. X., Tam, C. M., & Deng, Z. M. (2005). Towards implementation of ISO 14001
environmental management systems in selected industries in China. Journal of Cleaner
Production.
[17] Zeng, S., Shi, J., & Lou, G. (2005). A synergetic model for implementing an integrated
management system: an empirical study in China. Journal of Cleaner Production.

Acknowledgements
The authors would like to thank the financial support provided by the University of Indonesia through
the PITTA 2019 finding scheme managed by Directorate for Reseacrh and Public Services (DRPM)
University of Indonesia.